Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #432962 by stevepurkiss, dags, mcrittenden, dawehner, Rob C, EllaTheHarpy: Added option to disable password strength checking.

8.0.x
Dries 2013-02-16 12:36:42 -05:00
parent c36aafa618
commit c5b33012ce
6 changed files with 89 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
core/modules/user/config/user.settings.yml
View File

@ -14,3 +14,4 @@ register: visitors
signatures: '0'
cancel_method: user_cancel_block
password_reset_timeout: '86400'
password_strength: '1'

11
core/modules/user/lib/Drupal/user/Tests/UserCreateTest.php
View File

@ -36,6 +36,17 @@ class UserCreateTest extends WebTestBase {
$this->assertFieldbyId('edit-status-1', 1, 'The user status option Active exists.', 'User login');
$this->assertFieldByXPath('//input[@type="radio" and @id="edit-status-1" and @checked="checked"]', NULL, 'Default setting for user status is active.');
// Test that the password strength indicator displays.
$config = config('user.settings');
$config->set('password_strength', TRUE)->save();
$this->drupalGet('admin/people/create');
$this->assertRaw(t('Password strength:'), 'The password strength indicator is displayed.');
$config->set('password_strength', FALSE)->save();
$this->drupalGet('admin/people/create');
$this->assertNoRaw(t('Password strength:'), 'The password strength indicator is not displayed.');
// We create two users, notifying one and not notifying the other, to
// ensure that the tests work in both cases.
foreach (array(FALSE, TRUE) as $notify) {

12
core/modules/user/lib/Drupal/user/Tests/UserEditTest.php
View File

@ -76,6 +76,18 @@ class UserEditTest extends WebTestBase {
$user1->pass_raw = $new_pass;
$this->drupalLogin($user1);
$this->drupalLogout();
// Test that the password strength indicator displays.
$config = config('user.settings');
$this->drupalLogin($user1);
$config->set('password_strength', TRUE)->save();
$this->drupalPost("user/$user1->uid/edit", $edit, t('Save'));
$this->assertRaw(t('Password strength:'), 'The password strength indicator is displayed.');
$config->set('password_strength', FALSE)->save();
$this->drupalPost("user/$user1->uid/edit", $edit, t('Save'));
$this->assertNoRaw(t('Password strength:'), 'The password strength indicator is not displayed.');
}
/**

6
core/modules/user/user.admin.inc
View File

@ -361,6 +361,11 @@ function user_admin_settings($form, &$form_state) {
'#default_value' => $config->get('verify_mail'),
'#description' => t('New users will be required to validate their e-mail address prior to logging into the site, and will be assigned a system-generated password. With this setting disabled, users will be logged in immediately upon registering, and may select their own passwords during registration.')
);
$form['registration_cancellation']['user_password_strength'] = array(
'#type' => 'checkbox',
'#title' => t('Enable password strength indicator'),
'#default_value' => $config->get('password_strength'),
);
form_load_include($form_state, 'inc', 'user', 'user.pages');
$form['registration_cancellation']['user_cancel_method'] = array(
'#type' => 'radios',
@ -631,6 +636,7 @@ function user_admin_settings_submit($form, &$form_state) {
->set('anonymous', $form_state['values']['anonymous'])
->set('admin_role', $form_state['values']['user_admin_role'])
->set('register', $form_state['values']['user_register'])
->set('password_strength', $form_state['values']['user_password_strength'])
->set('verify_mail', $form_state['values']['user_email_verification'])
->set('signatures', $form_state['values']['user_signatures'])
->set('cancel_method', $form_state['values']['user_cancel_method'])

95
core/modules/user/user.js
View File

@ -23,70 +23,61 @@ Drupal.behaviors.password = {
var confirmResult = outerWrapper.find('div.password-confirm');
var confirmChild = confirmResult.find('span');
// Add the description box.
var passwordMeter = '<div class="password-strength"><div class="password-strength-text" aria-live="assertive"></div><div class="password-strength-title">' + translate.strengthTitle + '</div><div class="password-indicator"><div class="indicator"></div></div></div>';
confirmInput.parent().after('<div class="password-suggestions description"></div>');
innerWrapper.append(passwordMeter);
var passwordDescription = outerWrapper.find('div.password-suggestions').hide();
// If the password strength indicator is enabled, add its markup.
if (settings.password.showStrengthIndicator) {
var passwordMeter = '<div class="password-strength"><div class="password-strength-text" aria-live="assertive"></div><div class="password-strength-title">' + translate.strengthTitle + '</div><div class="password-indicator"><div class="indicator"></div></div></div>';
confirmInput.parent().after('<div class="password-suggestions description"></div>');
innerWrapper.prepend(passwordMeter);
var passwordDescription = outerWrapper.find('div.password-suggestions').hide();
}
// Check that password and confirmation inputs match.
var passwordCheckMatch = function (confirmInputVal) {
var success = passwordInput.val() === confirmInputVal;
var confirmClass = success ? 'ok' : 'error';
// Fill in the success message and set the class accordingly.
confirmChild.html(translate['confirm' + (success ? 'Success' : 'Failure')])
.removeClass('ok error').addClass(confirmClass);
};
// Check the password strength.
var passwordCheck = function () {
if (settings.password.showStrengthIndicator) {
// Evaluate the password strength.
var result = Drupal.evaluatePasswordStrength(passwordInput.val(), settings.password);
// Evaluate the password strength.
var result = Drupal.evaluatePasswordStrength(passwordInput.val(), settings.password);
// Update the suggestions for how to improve the password.
if (passwordDescription.html() !== result.message) {
passwordDescription.html(result.message);
}
// Only show the description box if there is a weakness in the password.
if (result.strength === 100) {
passwordDescription.hide();
}
else {
passwordDescription.show();
}
// Adjust the length of the strength indicator.
innerWrapper.find('.indicator')
.css('width', result.strength + '%')
.css('background-color', result.indicatorColor);
// Update the strength indication text.
innerWrapper.find('.password-strength-text').html(result.indicatorText);
passwordCheckMatch();
};
// Check that password and confirmation inputs match.
var passwordCheckMatch = function () {
if (confirmInput.val()) {
var success = passwordInput.val() === confirmInput.val();
// Show the confirm result.
confirmResult.css({ visibility: 'visible' });
// Remove the previous styling if any exists.
if (this.confirmClass) {
confirmChild.removeClass(this.confirmClass);
// Update the suggestions for how to improve the password.
if (passwordDescription.html() !== result.message) {
passwordDescription.html(result.message);
}
// Fill in the success message and set the class accordingly.
var confirmClass = success ? 'ok' : 'error';
confirmChild.html(translate['confirm' + (success ? 'Success' : 'Failure')]).addClass(confirmClass);
this.confirmClass = confirmClass;
// Only show the description box if a weakness exists in the password.
result.strength === 100 ? passwordDescription.hide() : passwordDescription.show();
// Adjust the length of the strength indicator.
innerWrapper.find('.indicator')
.css('width', result.strength + '%')
.css('background-color', result.indicatorColor);
// Update the strength indication text.
innerWrapper.find('.password-strength-text').html(result.indicatorText);
}
// Check the value in the confirm input and show results.
if (confirmInput.val()) {
passwordCheckMatch(confirmInput.val());
confirmResult.css({ visibility: 'visible' });
}
else {
confirmResult.css({ visibility: 'hidden' });
}
};
// Monitor keyup and blur events.
// Blur must be used because a mouse paste does not trigger keyup.
passwordInput.keyup(passwordCheck).focus(passwordCheck).blur(passwordCheck);
confirmInput.keyup(passwordCheckMatch).blur(passwordCheckMatch);
// Monitor input events.
$.each([passwordInput, confirmInput], function () {
this.bind('input', passwordCheck);
});
});
}
};

23
core/modules/user/user.module
View File

@ -2440,10 +2440,18 @@ function _user_mail_notify($op, $account, $langcode = NULL) {
* @see system_element_info()
*/
function user_form_process_password_confirm($element) {
global $user;
$password_settings = array(
'confirmTitle' => t('Passwords match:'),
'confirmSuccess' => t('yes'),
'confirmFailure' => t('no'),
'showStrengthIndicator' => FALSE,
);
$js_settings = array(
'password' => array(
if (config('user.settings')->get('password_strength')) {
global $user;
$password_settings['showStrengthIndicator'] = TRUE;
$password_settings += array(
'strengthTitle' => t('Password strength:'),
'hasWeaknesses' => t('To make your password stronger:'),
'tooShort' => t('Make it at least 6 characters'),
@ -2452,15 +2460,16 @@ function user_form_process_password_confirm($element) {
'addNumbers' => t('Add numbers'),
'addPunctuation' => t('Add punctuation'),
'sameAsUsername' => t('Make it different from your username'),
'confirmSuccess' => t('yes'),
'confirmFailure' => t('no'),
'weak' => t('Weak'),
'fair' => t('Fair'),
'good' => t('Good'),
'strong' => t('Strong'),
'confirmTitle' => t('Passwords match:'),
'username' => (isset($user->name) ? $user->name : ''),
),
);
}
$js_settings = array(
'password' => $password_settings,
);
$element['#attached']['library'][] = array('user', 'drupal.user');